An improved ant colony system algorithm for solving the IP traceback problem

The difficulty in identifying the origin of an attack over the Internet is termed the IP traceback (IPTBK) problem. The probable origin of an attack is commonly investigated using some form of ant colony system (ACS) algorithms. However, such algorithms tend to converge to a local suboptimal solution, meaning that the perpetrator of the attack cannot be found. Therefore, the present study proposes a modified ACS scheme (denoted as ACS-IPTBK) that can identify the true attack path even without the entire network routing information. The ability of the ants to search all feasible attack paths was enhanced using a global heuristic mechanism in which the ant colony was partitioned into multiple subgroups, with each subgroup having its own pheromone updating rule. The performance of the ACS-IPTBK algorithm in reconstructing the attack path was investigated through a series of ns2 simulations by using network topologies generated by the Waxman model. The simulations focused specifically on the effects of the ACS model parameters and network characteristics on the performance of the ACS-IPTBK scheme in converging towards the true attack path. Finally, the robustness of the proposed scheme against spoofed IP attacks was investigated. The results showed that the proposed scheme has a slightly slower convergence speed than does the conventional ACS algorithm, but yields a more globally optimal solution for the attack path, particularly in large-scale network topologies.